News

Google+ Sign-In extends the Google+ social network into third-party websites, desktop applications and mobile apps. This service, announced on February 26th, provides features for authentication, authorization and activity sharing. There is also support for user engagement, hangouts and automatic Android app downloads.

A central theme with Windows 8 is the Microsoft Account. This is another attempt to offer a single sign-on system for both Microsoft and third-party services. Microsoft Account is available for Windows 8 apps, normal websites, Windows Phone, Android, and iOS.

Windows Identity Foundation, Microsoft's framework for integrating claims-based authentication into applications, is now part of the .NET Framework. It was created to simplify work with access control and authentication, and to allow for single sign-on across multiple applications.

The Java Identity API provides a framework for representing and interacting with identity attributes in Java applications. Ron Monzillo, specification lead for JSR 351, the spec for this API, spoke at the JavaOne 2011 Conference last week about the JSR proposal scope, its current state and future plans for the specification.

Twitter is the latest to experience downtime when yesterday the company issued a status update indicating instability within the site. This was the second such report from Twitter this week and follows on the heels of outages experienced this week by Google’s Blogger service and Microsoft’s Business Productivity Online Suite (BPOS).

Today Google announced experimental support for OAuth 2.0 with bearer tokens. In addition, as a side announcement they've launched a new consent page for OAuth 2.0 designed with cleanliness and simplicity in mind.

Last week, Microsoft announced: the cancellation Version 2.0 of its Windows CardSpace identity service, thus deprecating CardSpace; and the immediate availability of Release 2 of the Community Technology Preview of its U-Prove identity service. These announcements are just the latest moves in Microsoft's decade-long struggle to solve the Internet's "identity problem."

Bill Burke, JBoss's Chief Architect and REST Easy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.

OpenID has promised to simplify the user authentication process across multiple websites, but some complain it has actually created more problems. 37signals, an early supporter of OpenID, has announced the decision to stop using it across its products. Is OpenID delivering what it promised?

Eran Hammer-Lahav, one of the editors of the OAuth 2.0 specification, published a diatribe on the latest standard draft. For him, the current proposal mortgages the future of the Web. He sees the current specification focusing too much on simplicity for the application developer while severely limiting the ability to create discoverable and interoperable services.

Java Enterprise Edition Version 6 release includes new security features in the areas of web container security as well as authentication and authorization aspects of Java application development. These features include programmatic and declarative security enforcement in the web tier. This post gives an overview of these new security features.

Microsoft has entered the cloud and customers are looking into moving their applications to this new platform. In doing so authentication and identity management needs to be addressed. InfoQ Editor Jon Arild Tørresdal talked to Eugenio Pace, Senior Program Manager in the Patterns & Practices team about the recent federation and identity technologies released from Microsoft.

David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand what the benefits and tradeoffs each one presented.